CVE-2006-3676

Name of the Vulnerable Software and Affected Versions planetGallery versions prior to 14.07.2006

Description The issue allows remote attackers to execute arbitrary PHP code by uploading files with a double extension and directly accessing the file in the images directory. This bypasses a regular expression check for safe file types.

Recommendations For versions prior to 14.07.2006, consider restricting access to the admin/gallery admin.php file until a fix is available, and avoid uploading files with double extensions to prevent exploitation.